Score:0

How can I NAT a NAT IP?


I have a server on AWS with a floating (secondary) IP. During integrations with a partner, I provide my secondary IP to be whitelisted and define a POSTROUTING rule to SNAT my IP to the secondary IP to reach the destination, such as:

```
sudo iptables -t nat -A POSTROUTING -d partnersip/32 -s myprivateip -j SNAT --to-source secondaryip
```

But now I've come to a scenario where my partner is also using NAT, and I would like to know if it's possible to NAT my secondary IP to the partner's NAT IP on the same server after defining my POSTROUTING rules to NAT to my secondary IP. Something like:

```
sudo iptables -t nat -A POSTROUTING -d partnersip/32 -s secondaryip -j SNAT --to-source partnersnat.ip
```

Have you tried it? NAT on NAT is no problem in itself; addressing might become confusing, and some consideration might be needed to not get conflicts. I would also consider using `MASQUERADE` instead of SNAT. If this is only local traffic and not forwarding, then `ip route add partnersip/32 ... src secondaryip` might be better.
Nikita Kipriyanov
Likely this is possible. To have a concrete answer, please ask a more concrete question: clarify the desired packet route and underline at which points address (and port) translations should take place. I.e., the packet enters your system as ip1:port1, then it is translated to ip2:port2, then it travels to system ip2, where it is translated to ip3:port3, like this.
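
An added example, not part of the original post or its comments: a small Python model of how the two POSTROUTING rules from the question are evaluated for a new connection, assuming standard netfilter behaviour (the nat table is consulted once per connection, and SNAT ends chain traversal at the first match). All addresses and function names are constructed placeholders standing in for `myprivateip`, `secondaryip`, `partnersip` and `partnersnat.ip`.

```python
import ipaddress
import shlex

# Constructed rules in `iptables -S` form. Placeholder addresses:
# 10.0.0.10 = myprivateip, 10.0.0.20 = secondaryip,
# 203.0.113.50 = partnersip, 198.51.100.7 = partnersnat.ip
RULES = """\
-A POSTROUTING -s 10.0.0.10/32 -d 203.0.113.50/32 -j SNAT --to-source 10.0.0.20
-A POSTROUTING -s 10.0.0.20/32 -d 203.0.113.50/32 -j SNAT --to-source 198.51.100.7
"""

def parse_rules(text):
    """Extract source match, destination match and new source from SNAT rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
               if tok[i].startswith("-")}
        if opt.get("-j") != "SNAT":
            continue
        rules.append({
            "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
            "dst": ipaddress.ip_network(opt.get("-d", "0.0.0.0/0")),
            "to": ipaddress.ip_address(opt["--to-source"]),
        })
    return rules

def postrouting_snat(rules, src, dst):
    """Return (rule_number, new_source) for a new connection, or (None, src).

    Rules are matched against the packet's source as it enters the chain.
    The first matching SNAT rule wins, so a later rule never sees the
    address written by an earlier one.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(rules, 1):
        if src in rule["src"] and dst in rule["dst"]:
            return number, rule["to"]
    return None, src

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for src, dst in [("10.0.0.10", "203.0.113.50"),   # default source address
                     ("10.0.0.20", "203.0.113.50"),   # socket bound to secondary IP
                     ("10.0.0.10", "192.0.2.9")]:     # unrelated destination
        number, new_src = postrouting_snat(rules, src, dst)
        print(f"{src} -> {dst}: matched rule {number}, leaves as {new_src}")
```

In this model the second rule only matches traffic that already originates from the secondary IP; a connection translated by the first rule is not translated again by the second in the same chain.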